Lightboard Lessons: What is BIG-IP APM?
In this Lightboard, I light up some lessons on BIG-IP Access Policy Manager. BIG-IP APM provides granular access controls to discreet applications and networks supporting 2FA and federated identity management. You can also check out Chase's written article What is BIG-IP APM? ps Resources Getting Started with BIG-IP APM (Lesson 1) Getting Started with BIG-IP APM (Lesson 2) Getting Started with BIG-IP APM (Lesson 3) Configuring BIG-IP Access Policy Manager (APM)Post of the Week: Two-Factor Auth and SSO with BIG-IP
In this Lightboard Post of the Week, I answer a question about 2FA and SSO with AD/RSA on BIG-IP by creating a SSO Credential Mapping policy agent in the Visual Policy Editor, that takes the username and password from the logon page, and maps them to variables to be used for SSO services. Special thanks to senthil147for the question and a new 2018 MVP, MrPlastic (Lee Sutcliffe, which I flubbed) for the great answer. Posted Question on DevCentral: 2FA Authentication with SSO on APM psPost of the Week: SAML IdP and SP on One BIG-IP
In this Lightboard Post of the Week, I answer a question about being able to do SAML IdP and SP on a single BIG-IP VE. Thanks to DevCentral Members hpr and Daniel Varela for the question and answer. +25 DC points for ya! Posted Question on DevCentral: https://devcentral.f5.com/s/questions/apm-ltm-121-saml-idp-and-sp-possible-in-one-ve-58114 If you got an answer you'd like lit up on the Lightboard, let us know in the comments! psThe DevCentral Chronicles Volume 1, Issue 4
If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome! Like last month, we’re digging the OWASP Top 10 #Lightboard series from @JohnWagnon. He wrapped it up this month with numbers 9 & 10 - Using Components With Known Vulnerabilities and Insufficient Logging and Monitoring. To give you a sense of how these have been received, YouTube viewer Sanket Kamath says, ‘Thank you for the excellent overview for all of the OWASP Top 10 2017! John made it really easy to understand each of the 10 attacks with his explanation!’ Check out the entire playlist! Speaking of LightBoard Lessons, we had a few fantastic ones this past month. John took on lighting up the GitHub DDoS Attack and Explaining the Spectre and Meltdown Vulnerabilities while Jason gave us the OSI and TCP/IP Models and What Are Containers? I added SAML IdP and SP on One BIG-IP to round out our videos. On the Security front, we had a bunch of great articles covering a mess, and I mean a mess of stuff. The mess was some new vulnerabilities and our Security Researchers had the mitigations for many including Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270), Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability and Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets. We also learned how to Protect your AWS API Gateway with F5 BIG-IP WAF, how to configure F5 BIG-IP as an Explicit Forward Web Proxy Using Secure Web Gateway (SWG) and how to set up ADFS Proxy Replacement on F5 BIG-IP. The Cloud folks will love Lori’s Three Types of Load Balancing You Meet in the Cloud, DNS Admins will dig Eric’s Unbreaking the Internet and Converting Protocols and Coders will enjoy Jason’s Debugging API calls with the python sdk and Satoshi’s iControl REST Fine-Grained Role Based Access Control. And, we couldn’t let this Chronicle pass without mentioning an awesome @haveibeenpwned #Pwned Passwords Check #CodeShare from MVP Niels van Sluis. This snippet makes it possible to use @troyhunt ‘Pwned Passwords’ API to check if the password has been exposed. See it here: http://bit.ly/2GOhi1y And wrapping up, a wonderful contributor Daniel Varela is DevCentral's Featured Member for April and F5 Agility is coming to Boston, MA this August! As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures. ps Previous Volume 1, Issue 1 Volume 1, Issue 2 Volume 1, Issue 3The DevCentral Chronicles Volume 1, Issue 3
If you missed our initial issues of the DC Chronicles, catch up on January Issue 1 and February Issue 2. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed over the last month. Welcome! Kicking off this issue is the OWASP Top 10 and the #Lightboard series from @JohnWagnon. Not to be confused with Matthew McConaughey, John drops numbers 6-7-8 of the Top 10 recently. He lights up Security Misconfiguration, Cross Site Scripting and Insecure Deserialization this time around and we have a YouTube Playlist to catch them all. Great series and only two more to go! One of the most popular articles over the last couple weeks was @dholmesf5 The Top Ten Hardcore F5 Security Features in BIG-IP 13! Always a fun read, David dives in to some of the coolest security functionality in BIG-IP v13 along with sharing some personal stories. David is a master at weaving in personal plight with information security so don’t miss it. Have you jumped on the #SuperNetOps bandwagon yet? Wondering how it can help you move into the #DevOps realm? We have a section dedicated to Super NetOps and recently, @JasonRahm added a FAQ to help you get past the hump. We’ve also posted a couple mitigations to some recent vulnerabilities. Security researcher Gal Goldshtein shares how to mitigate the Oracle Tuxedo "JOLTandBLEED" vulnerability (CVE-2017-10269) along with the Jenkins Unsafe Deserialization Vulnerability (CVE-2017-1000353). Gal offers step-by-step instructions on how to set it up on BIG-IP ASM. Also for ASM this month, Nir Ashkenazi shared a couple new Ready Templates, one for SharePoint 2016 and one for Drupal 8. Both help you simplify the configuration process and secure those applications. Rounding out this issue of the Chronicles has Robbie Stahl covering BIG-IP VE on VMware for Custom Properties and an Ansible Deployment; I write up some goodness on F5’s Application Connector; And, Hannes Rapp is our Featured Member for March. Hannes is an Independent F5 Engineering Consultant focusing on BIG-IP ASM and LTM. According to Hannes, 'if you combine these two modules, you have the best of F5 product portfolio. One without another is incomplete BIG-IP.' We wouldn’t argue that. As always, You can stay engaged with @DevCentral (and watch how we create our LightBoard Lessons), join our LinkedIn Group or subscribe to our YouTube Channel. Look forward to hearing about your BIG-IP adventures. psPost of the Week: BIG-IP Policy Sync
In this Lightboard Post of the Week, I light up the answer to a question about BIG-IP APM Policy Sync. Posted Question on DevCentral: https://devcentral.f5.com/s/questions/apm-policy-sync-56330 Thanks to DevCentral user Murali (@MuraliGopalaRao) for the question and special thanks to Leonardo Souza for the answer! ps Related: DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza Manual Chapter:Synchronizing Access PoliciesLightboard Lessons: Connecting Cars with BIG-IP
I light up how BIG-IP and Solace work together in a MQTT connected car infrastructure. ps Related: Using F5 BIG-IP and Solace Open Data Movement technology for MQTT message routing and delivery Lightboard Lessons: What is MQTT? Solace and F5: Partnering for Better IoTLightboard Lessons: What is HTTP?
In this Lightboard Lesson, I light up some #basics about HTTP. HTTP defines the structure of messages between web components such as browser or command line clients, servers like Apache or Nginx, and proxies like the BIG-IP. ps Related: What is HTTP? What is HTTP Part II - Underlying ProtocolsLightboard Lessons: What is BIG-IQ?
In this Lightboard Lesson, I light up many of the tasks you can do with BIG-IQ, BIG-IQ centralizes management, licensing, monitoring, and analytics for your dispersed BIG-IP infrastructure. If you have more than a few F5 BIG-IP's within your organization, managing devices as separate entities will become an administrative bottleneck and slow application deployments. Deploying cloud applications, you're potentially managing thousands of systems and having to deal with traditionally monolithic administrative functions is a simple no-go. Enter BIG-IQ. ps Related: What is BIG-IQ?Lightboard Lessons: BIG-IP ASM Layered Policies
In this Lightboard Lesson, I light up some use cases for BIG-IP ASM Layered Policies available in BIG-IP v13. With Parent and Child policies, you can: Impose mandatory policy elements on multiple policies; Create multiple policies with baseline protection settings; and Rapidly push changes to multiple policies. ps Resources Configuring BIG-IP Application Security Manager (ASM)
